Jacobian

Security Assurance Engineer

full-time

Location Type: Hybrid

Location: Pittsburgh, Pennsylvania, United States

About the role

  • Own the security and privacy policy library: drafting, updating, and rationalizing policies across ISO 27001, SOC 2, HIPAA, and GDPR requirements
  • Translate regulatory requirements into practical, enforceable controls that engineering and operations teams can actually implement
  • Maintain alignment between the ISMS (ISO 27001) and QMS (ISO 13485) documentation to reduce duplication and audit burden
  • Conduct and maintain risk assessments across the enterprise, including vendor/third-party risk, product risk, and operational risk
  • Own the risk register and work with risk owners to track treatment plans and exceptions
  • Perform security assessments for new tools, AI systems, and vendors before adoption
  • Coordinate evidence collection and remediation for SOC 2 Type II, ISO 27001, and customer audits
  • Respond to customer security questionnaires (MDS2, SIG, CAIQ, custom) efficiently and accurately
  • Track regulatory changes (EU AI Act, state privacy laws, FDA guidance) and assess their business impact
  • Partner with Engineering on secure development practices, threat modeling, and SDLC compliance
  • Support HR and IT on security awareness, onboarding/offboarding, and acceptable use policies
  • Work with Legal on DPAs, contract security terms, and incident notification requirements

Requirements

  • 7–10 years of experience in GRC, security compliance, or related roles
  • Direct, hands-on experience with at least three of: ISO 27001, SOC 2, HIPAA, GDPR, FDA QSR/SaMD, or ISO 13485
  • Strong policy writing skills — you can turn complex regulatory language into clear, actionable documentation
  • Experience managing risk registers and conducting structured risk assessments
  • Familiarity with cloud environments (AWS preferred) and SaaS security considerations
  • Comfort with CI/CD tooling and collaboration platforms such as Jira and Confluence
  • A track record of driving projects to completion independently, without heavy oversight
  • Experience in healthcare, healthtech, or medical device environments (Nice-to-Have)
  • Familiarity with EU MDR, IEC 62304, or FDA software guidance for SaMD (Nice-to-Have)
  • Hands-on experience with GRC platforms such as SecureFrame, Vanta, Drata, OneTrust, or ServiceNow GRC (Nice-to-Have)
  • Understanding of AI/ML governance and emerging regulations like the EU AI Act (Nice-to-Have)
  • Relevant certifications: CISSP, CISM, CRISC, CIPP, ISO 27001 Lead Implementer/Auditor, or HCISPP (Nice-to-Have)

Benefits

  • Join a fast-growing healthcare technology company shaping the future of AI in radiology
  • Work on meaningful products that improve radiology workflows and support better patient outcomes worldwide
  • Be part of a mission-driven team that values trust, quality, collaboration, and innovation
  • Enjoy flexible working hours and a hybrid work arrangement
  • Competitive compensation and benefits package

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

ISO 27001, SOC 2, HIPAA, GDPR, risk assessments, policy writing, risk register management, cloud environments, CI/CD tooling, GRC platforms

Soft Skills

project management, communication, independent work, policy drafting, collaboration

Certifications

CISSP, CISM, CRISC, CIPP, ISO 27001 Lead Implementer, ISO 27001 Auditor, HCISPP